OpenSim
/
OpenSimMirror
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Guard against unauthorized agent deletes.

cpu-performance
Diva Canto 2013-07-13 21:28:46 -07:00
parent 931eb892d9
commit b4f1b9acf6
9 changed files with 57 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
OpenSim/Region/CoreModules/Framework/EntityTransfer/EntityTransferModule.cs
View File

@ -817,7 +817,7 @@ namespace OpenSim.Region.CoreModules.Framework.EntityTransfer
"[ENTITY TRANSFER MODULE]: UpdateAgent failed on teleport of {0} to {1} from {2}. Keeping avatar in source region.",
sp.Name, finalDestination.RegionName, sp.Scene.RegionInfo.RegionName);
Fail(sp, finalDestination, logout, "Connection between viewer and destination region could not be established.");
Fail(sp, finalDestination, logout, Util.Md5Hash(currentAgentCircuit.Id0), "Connection between viewer and destination region could not be established.");
return;
}
@ -829,7 +829,7 @@ namespace OpenSim.Region.CoreModules.Framework.EntityTransfer
"[ENTITY TRANSFER MODULE]: Cancelled teleport of {0} to {1} from {2} after UpdateAgent on client request",
sp.Name, finalDestination.RegionName, sp.Scene.Name);
CleanupFailedInterRegionTeleport(sp, finalDestination);
CleanupFailedInterRegionTeleport(sp, Util.Md5Hash(currentAgentCircuit.Id0), finalDestination);
return;
}
@ -873,7 +873,7 @@ namespace OpenSim.Region.CoreModules.Framework.EntityTransfer
"[ENTITY TRANSFER MODULE]: Teleport of {0} to {1} from {2} failed due to no callback from destination region. Returning avatar to source region.",
sp.Name, finalDestination.RegionName, sp.Scene.RegionInfo.RegionName);
Fail(sp, finalDestination, logout, "Destination region did not signal teleport completion.");
Fail(sp, finalDestination, logout, Util.Md5Hash(currentAgentCircuit.Id0), "Destination region did not signal teleport completion.");
return;
}
@ -927,7 +927,7 @@ namespace OpenSim.Region.CoreModules.Framework.EntityTransfer
/// <remarks>
/// <param name='sp'> </param>
/// <param name='finalDestination'></param>
protected virtual void CleanupFailedInterRegionTeleport(ScenePresence sp, GridRegion finalDestination)
protected virtual void CleanupFailedInterRegionTeleport(ScenePresence sp, string auth_token, GridRegion finalDestination)
{
m_entityTransferStateMachine.UpdateInTransit(sp.UUID, AgentTransferState.CleaningUp);
@ -938,7 +938,7 @@ namespace OpenSim.Region.CoreModules.Framework.EntityTransfer
// Finally, kill the agent we just created at the destination.
// XXX: Possibly this should be done asynchronously.
Scene.SimulationService.CloseAgent(finalDestination, sp.UUID);
Scene.SimulationService.CloseAgent(finalDestination, sp.UUID, auth_token);
}
/// <summary>
@ -948,9 +948,9 @@ namespace OpenSim.Region.CoreModules.Framework.EntityTransfer
/// <param name='finalDestination'></param>
/// <param name='logout'></param>
/// <param name='reason'>Human readable reason for teleport failure. Will be sent to client.</param>
protected virtual void Fail(ScenePresence sp, GridRegion finalDestination, bool logout, string reason)
protected virtual void Fail(ScenePresence sp, GridRegion finalDestination, bool logout, string auth_code, string reason)
{
CleanupFailedInterRegionTeleport(sp, finalDestination);
CleanupFailedInterRegionTeleport(sp, auth_code, finalDestination);
m_interRegionTeleportFailures.Value++;

4
OpenSim/Region/CoreModules/ServiceConnectorsOut/Simulation/LocalSimulationConnector.cs
View File

@ -286,7 +286,7 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Simulation
return false;
}
public bool CloseAgent(GridRegion destination, UUID id)
public bool CloseAgent(GridRegion destination, UUID id, string auth_token)
{
if (destination == null)
return false;
@ -297,7 +297,7 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Simulation
// "[LOCAL SIMULATION CONNECTOR]: Found region {0} {1} to send AgentUpdate",
// s.RegionInfo.RegionName, destination.RegionHandle);
m_scenes[destination.RegionID].IncomingCloseAgent(id, false);
m_scenes[destination.RegionID].IncomingCloseAgent(id, false, auth_token);
return true;
}

6
OpenSim/Region/CoreModules/ServiceConnectorsOut/Simulation/RemoteSimulationConnector.cs
View File

@ -245,18 +245,18 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Simulation
}
public bool CloseAgent(GridRegion destination, UUID id)
public bool CloseAgent(GridRegion destination, UUID id, string auth_token)
{
if (destination == null)
return false;
// Try local first
if (m_localBackend.CloseAgent(destination, id))
if (m_localBackend.CloseAgent(destination, id, auth_token))
return true;
// else do the remote thing
if (!m_localBackend.IsLocalRegion(destination.RegionID))
return m_remoteConnector.CloseAgent(destination, id);
return m_remoteConnector.CloseAgent(destination, id, auth_token);
return false;
}

26
OpenSim/Region/Framework/Scenes/Scene.cs
View File

@ -3452,7 +3452,7 @@ namespace OpenSim.Region.Framework.Scenes
regions.Remove(RegionInfo.RegionHandle);
// This ends up being done asynchronously so that a logout isn't held up where there are many present but unresponsive neighbours.
m_sceneGridService.SendCloseChildAgentConnections(agentID, regions);
m_sceneGridService.SendCloseChildAgentConnections(agentID, Util.Md5Hash(acd.Id0), regions);
}
m_eventManager.TriggerClientClosed(agentID, this);
@ -4277,6 +4277,25 @@ namespace OpenSim.Region.Framework.Scenes
return false;
}
/// <summary>
/// Authenticated close (via network)
/// </summary>
/// <param name="agentID"></param>
/// <param name="force"></param>
/// <param name="auth_token"></param>
/// <returns></returns>
public bool IncomingCloseAgent(UUID agentID, bool force, string auth_token)
{
//m_log.DebugFormat("[SCENE]: Processing incoming close agent {0} in region {1} with auth_token {2}", agentID, RegionInfo.RegionName, auth_token);
// Check that the auth_token is valid
AgentCircuitData acd = AuthenticateHandler.GetAgentCircuitData(agentID);
if (acd != null && Util.Md5Hash(acd.Id0) == auth_token)
return IncomingCloseAgent(agentID, force);
else
m_log.ErrorFormat("[SCENE]: Request to close agent {0} with invalid authorization token {1}", agentID, auth_token);
return false;
}
/// <summary>
/// Tell a single agent to disconnect from the region.
@ -4292,12 +4311,9 @@ namespace OpenSim.Region.Framework.Scenes
ScenePresence presence = m_sceneGraph.GetScenePresence(agentID);
if (presence != null)
{
presence.ControllingClient.Close(force);
return true;
}
// Agent not here
// Agent not here
return false;
}

8
OpenSim/Region/Framework/Scenes/SceneCommunicationService.cs
View File

@ -197,7 +197,7 @@ namespace OpenSim.Region.Framework.Scenes
/// <summary>
/// Closes a child agent on a given region
/// </summary>
protected void SendCloseChildAgent(UUID agentID, ulong regionHandle)
protected void SendCloseChildAgent(UUID agentID, ulong regionHandle, string auth_token)
{
// let's do our best, but there's not much we can do if the neighbour doesn't accept.
@ -210,7 +210,7 @@ namespace OpenSim.Region.Framework.Scenes
m_log.DebugFormat(
"[SCENE COMMUNICATION SERVICE]: Sending close agent ID {0} to {1}", agentID, destination.RegionName);
m_scene.SimulationService.CloseAgent(destination, agentID);
m_scene.SimulationService.CloseAgent(destination, agentID, auth_token);
}
/// <summary>
@ -219,14 +219,14 @@ namespace OpenSim.Region.Framework.Scenes
/// </summary>
/// <param name="agentID"></param>
/// <param name="regionslst"></param>
public void SendCloseChildAgentConnections(UUID agentID, List<ulong> regionslst)
public void SendCloseChildAgentConnections(UUID agentID, string auth_code, List<ulong> regionslst)
{
foreach (ulong handle in regionslst)
{
// We must take a copy here since handle is acts like a reference when used in an iterator.
// This leads to race conditions if directly passed to SendCloseChildAgent with more than one neighbour region.
ulong handleCopy = handle;
Util.FireAndForget((o) => { SendCloseChildAgent(agentID, handleCopy); });
Util.FireAndForget((o) => { SendCloseChildAgent(agentID, handleCopy, auth_code); });
}
}

6
OpenSim/Region/Framework/Scenes/ScenePresence.cs
View File

@ -3167,7 +3167,11 @@ namespace OpenSim.Region.Framework.Scenes
{
m_log.Debug("[SCENE PRESENCE]: Closing " + byebyeRegions.Count + " child agents");
m_scene.SceneGridService.SendCloseChildAgentConnections(ControllingClient.AgentId, byebyeRegions);
AgentCircuitData acd = Scene.AuthenticateHandler.GetAgentCircuitData(UUID);
string auth = string.Empty;
if (acd != null)
auth = Util.Md5Hash(acd.Id0);
m_scene.SceneGridService.SendCloseChildAgentConnections(ControllingClient.AgentId, auth, byebyeRegions);
}
foreach (ulong handle in byebyeRegions)

16
OpenSim/Server/Handlers/Simulation/AgentHandlers.cs
View File

@ -27,11 +27,13 @@
using System;
using System.Collections;
using System.Collections.Specialized;
using System.IO;
using System.IO.Compression;
using System.Reflection;
using System.Net;
using System.Text;
using System.Web;
using OpenSim.Server.Base;
using OpenSim.Server.Handlers.Base;
@ -92,7 +94,11 @@ namespace OpenSim.Server.Handlers.Simulation
string method = (string)request["http-method"];
if (method.Equals("DELETE"))
{
DoAgentDelete(request, responsedata, agentID, action, regionID);
string auth_token = string.Empty;
if (request.ContainsKey("auth"))
auth_token = request["auth"].ToString();
DoAgentDelete(request, responsedata, agentID, action, regionID, auth_token);
return responsedata;
}
else if (method.Equals("QUERYACCESS"))
@ -151,9 +157,9 @@ namespace OpenSim.Server.Handlers.Simulation
// Console.WriteLine("str_response_string [{0}]", responsedata["str_response_string"]);
}
protected void DoAgentDelete(Hashtable request, Hashtable responsedata, UUID id, string action, UUID regionID)
protected void DoAgentDelete(Hashtable request, Hashtable responsedata, UUID id, string action, UUID regionID, string auth_token)
{
m_log.Debug(" >>> DoDelete action:" + action + "; RegionID:" + regionID);
m_log.DebugFormat("[AGENT HANDLER]: >>> DELETE action: {0}; RegionID: {1}; from: {2}; auth_code: {3}", action, regionID, Util.GetCallerIP(request), auth_token);
GridRegion destination = new GridRegion();
destination.RegionID = regionID;
@ -161,12 +167,12 @@ namespace OpenSim.Server.Handlers.Simulation
if (action.Equals("release"))
ReleaseAgent(regionID, id);
else
Util.FireAndForget(delegate { m_SimulationService.CloseAgent(destination, id); });
Util.FireAndForget(delegate { m_SimulationService.CloseAgent(destination, id, auth_token); });
responsedata["int_response_code"] = HttpStatusCode.OK;
responsedata["str_response_string"] = "OpenSim agent " + id.ToString();
m_log.DebugFormat("[AGENT HANDLER]: Agent {0} Released/Deleted from region {1}", id, regionID);
//m_log.DebugFormat("[AGENT HANDLER]: Agent {0} Released/Deleted from region {1}", id, regionID);
}
protected virtual void ReleaseAgent(UUID regionID, UUID id)

7
OpenSim/Services/Connectors/Simulation/SimulationServiceConnector.cs
View File

@ -367,11 +367,10 @@ namespace OpenSim.Services.Connectors.Simulation
/// <summary>
/// </summary>
public bool CloseAgent(GridRegion destination, UUID id)
public bool CloseAgent(GridRegion destination, UUID id, string auth_code)
{
// m_log.DebugFormat("[REMOTE SIMULATION CONNECTOR]: CloseAgent start");
string uri = destination.ServerURI + AgentPath() + id + "/" + destination.RegionID.ToString() + "/";
string uri = destination.ServerURI + AgentPath() + id + "/" + destination.RegionID.ToString() + "/?auth=" + auth_code;
m_log.DebugFormat("[REMOTE SIMULATION CONNECTOR]: CloseAgent {0}", uri);
try
{

2
OpenSim/Services/Interfaces/ISimulationService.cs
View File

@ -93,7 +93,7 @@ namespace OpenSim.Services.Interfaces
/// <param name="regionHandle"></param>
/// <param name="id"></param>
/// <returns></returns>
bool CloseAgent(GridRegion destination, UUID id);
bool CloseAgent(GridRegion destination, UUID id, string auth_token);
#endregion Agents